The fight against identity theft

A new research project will provide authentication and secure access to banking and other services over broadband and mobile networks by using biometric identifiers.

The research project Secure Access Control Over Wide Area Network (SWAN), is a project funded by The Research Council of Norway. The SWAN-project will research and develop innovative technologies and countermeasures to mitigate presentation attacks (also coined as spoofing attacks), which lead to a usable, economic, and privacy-preserving access control platform based on biometrics.

On 2nd November the Kick-Off meeting of the SWAN-project was held at Gjøvik University College. The project has 6 partners from Norway, Germany, France and Switzerland and is truly an European research project Gjøvik University College (http://nislab.no/biometrics_lab) as the coordinator of the project, is working closely with its partners University of Oslo (http://folk.uio.no/josang), Idiap Research Institute in Switzerland (http://www.idiap.ch/biometrics), Safran Morpho (http://www.morpho.com) and Zwipe (http://www.zwipe.com). The group assembles standing experience in identity and biometrics research and more particularly in mobile face and speaker recognition as well as in presentation attack detection (aka anti-spoofing). The team is supported by end users from the financial sector and the Association of German Banks.

The Password-based approach is vulnerable, and crime related to illegal access to different accounts is easier than ever because of password used as authentication factor, says Professor Christoph Busch at Gjøvik University College. The research will initially deal with banking transactions, but the goal is to extend the technology to other e-services such as e-health.

Biometric references will be stored, controlled and verified locally based on a pre-shared secret, which can be used to seal and authenticate transaction data. This overcomes the need of centralized storage of biometric data. Smartphones will act as hardware tokens to which the additional functionalities will be integrated to capture the biometric characteristics like (face, fingerprint, voice and eye). Focus of the research project will be biometric authentication to preserve privacy and adapt existing and emerging standards in the field.